├── .gitignore ├── LICENSE ├── README.md ├── account-kit-passwordless ├── dist │ ├── login.html │ └── login_success.html ├── package.json └── server.js └── auth0-passwordless ├── dist ├── callback.html └── login.html ├── package.json └── server.js /.gitignore: -------------------------------------------------------------------------------- 1 | node_modules 2 | package-lock.json 3 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2016 Auth0 Blog Samples 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 
22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Passwordless Authentication Samples 2 | 3 | This repo contains code samples for the Passwordless Login with Facebook Account Kit article from the Auth0 blog. There are two NodeJs apps, one for Facebook Account Kit and the other for Auth0 Passwordless showing how you can add passwordless authentication in each. 4 | 5 | ## Setup Instructions: Facebook Account Kit 6 | 7 | Facebook Account Kit requires that you have a Facebook Developer Account with a registered app that has Account Kit enabled. 8 | 9 | 1. Run `npm install` to install dependencies (NodeJs is a prerequisite) 10 | 2. Open the `server.js` file 11 | 3. Replace `YOUR_FACEBOOK_APP_ID` and `YOUR_ACCOUNT_KIT_SECRET` with your credentials 12 | 4. Open the `login.html` file in the `/dist` directory 13 | 5. Replace `YOUR_FACEBOOK_APP_ID` with your credentials 14 | 6. Run the app executing `node server` 15 | 7. Navigate to `localhost:3000` to see the app 16 | 17 | 18 | ## Setup Instructions: Auth0 Passwordless 19 | 20 | Auth0 Passwordless requires that you have an Auth0 account. [Sign up](https://auth0.com) for free if you don't. 21 | 22 | 1. Run `npm install` to install dependencies (NodeJs is a prerequisite) 23 | 2. Open the `login.html` and `callback.html` pages 24 | 3. Replace `AUTH0_CLIENT_ID`, `AUTH0_DOMAIN` and `AUTH0_CALLBACKURL` with your credentials in each of the pages 25 | 4. Run the app by executing `node server` from the terminal 26 | 5. Navigate to `localhost:3000` to see the app 27 | 28 | ## What is Auth0? 
29 | 30 | Auth0 helps you to: 31 | 32 | * Add authentication with [multiple authentication sources](https://docs.auth0.com/identityproviders), either social like **Google, Facebook, Microsoft Account, LinkedIn, GitHub, Twitter, Box, Salesforce, among others**, or enterprise identity systems like **Windows Azure AD, Google Apps, Active Directory, ADFS or any SAML Identity Provider**. 33 | * Add authentication through more traditional **[username/password databases](https://docs.auth0.com/mysql-connection-tutorial)**. 34 | * Add support for **[linking different user accounts](https://docs.auth0.com/link-accounts)** with the same user. 35 | * Support for generating signed [JSON Web Tokens](https://docs.auth0.com/jwt) to call your APIs and **flow the user identity** securely. 36 | * Analytics of how, when and where users are logging in. 37 | * Pull data from other sources and add it to the user profile, through [JavaScript rules](https://docs.auth0.com/rules). 38 | 39 | ## Create a free Auth0 account 40 | 41 | 1. Go to [Auth0](https://auth0.com/signup) and click Sign Up. 42 | 2. Use Google, GitHub or Microsoft Account to log in. 43 | 44 | ## Issue Reporting 45 | 46 | If you have found a bug or if you have a feature request, please report it in this repository's issues section. Please do not report security vulnerabilities on the public GitHub issue tracker. The [Responsible Disclosure Program](https://auth0.com/whitehat) details the procedure for disclosing security issues. 47 | 48 | ## Author 49 | 50 | [Auth0](https://auth0.com) 51 | -------------------------------------------------------------------------------- /account-kit-passwordless/dist/login.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | Password Free: Facebook Account Kit 5 | 6 | 7 | 16 | 17 | 18 | 19 | 20 | 21 | 22 |
23 |
24 |
25 |
26 |

Passwordless Authentication

27 |

Facebook Account Kit

28 |

Login via:

29 |
    30 |
  • 31 | 32 | 33 | 34 |
  • 35 |
  • 36 | 37 |
  • 38 |
39 |
40 |
41 |
42 |
43 | 48 | 49 | 86 | 87 | 88 | -------------------------------------------------------------------------------- /account-kit-passwordless/dist/login_success.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | AccountKitJS App 6 | 7 | 8 | 17 | 18 | 19 | 20 | 21 |
22 |
23 |
24 |
25 |

Passwordless Authentication

26 |

You're In!

27 |

Details:

28 |
    29 |
  • 30 | 31 | fingerprint 32 | {{method}} 33 | 34 |
  • 35 |
  • 36 | 37 | face 38 | {{identity}} 39 | 40 |
  • 41 |
  • 42 | 43 | person 44 | {{user_id}} 45 | 46 |
  • 47 |
  • 48 | 49 | 50 | 51 |
  • 52 |
53 |
54 |
55 |
56 |
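57 | 58 | 63 | 64 | 65 | -------------------------------------------------------------------------------- /account-kit-passwordless/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "FacebookAccountKitPasswordless", 3 | "version": "0.0.1", 4 | "dependencies": { 5 | "body-parser": "^1.15.0", 6 | "express": "3.x", 7 | "guid": "0.0.12", 8 | "mustache": "^2.2.1", 9 | "querystring": "^0.2.0", 10 | "request": "^2.69.0" 11 | } 12 | } -------------------------------------------------------------------------------- /account-kit-passwordless/server.js: --------------------------------------------------------------------------------
// Sample Express server for the Facebook Account Kit passwordless flow.
//
//   GET  /          renders dist/login.html with the app id, API version and
//                   a CSRF nonce.
//   POST /sendcode  checks the nonce, exchanges the authorization code for a
//                   user access token, reads the account from the /me
//                   endpoint and renders dist/login_success.html.
//
// NOTE(review): Facebook retired Account Kit in 2020, so the graph.accountkit.com
// endpoints below are kept for reference only.
// NOTE(review): package.json pins express 3.x and the `request` package, both
// of which are no longer maintained; upgrade before reusing this outside a demo.
const crypto = require('crypto');
const fs = require('fs');
const path = require('path');
const express = require('express');
const bodyParser = require("body-parser");
const Mustache = require('mustache');
const Request = require('request');
const Querystring = require('querystring');
const app = express();

app.use(bodyParser.urlencoded({ extended: false }));
app.use(bodyParser.json());

// CSRF nonce embedded in the login page and echoed back by POST /sendcode.
// It is drawn from the OS CSPRNG rather than a GUID helper, because GUID
// generators are not designed to be unpredictable.
// NOTE(review): a single nonce is created at process start and handed to every
// visitor, so it is not bound to a browser session and only changes on restart.
// A real deployment needs a per-session token, which requires session
// middleware that this sample does not include.
const csrf_guid = crypto.randomBytes(16).toString('hex');
const api_version = "v1.0";
// Credentials can be supplied through the environment so the secret does not
// have to be committed; editing the placeholders in place still works.
const app_id = process.env.ACCOUNT_KIT_APP_ID || "YOUR_FACEBOOK_APP_ID";
const app_secret = process.env.ACCOUNT_KIT_APP_SECRET || 'YOUR_ACCOUNT_KIT_SECRET';
const me_endpoint_base_url = 'https://graph.accountkit.com/v1.0/me';
const token_exchange_base_url = 'https://graph.accountkit.com/v1.0/access_token';

/**
 * Read a template from dist/ next to this file.
 * Resolved against __dirname so the server also works when it is started
 * from a different working directory.
 * @param {string} fileName - template file name inside dist/
 * @returns {string} template source
 */
function loadTemplate(fileName) {
  return fs.readFileSync(path.join(__dirname, 'dist', fileName)).toString();
}

/** @returns {string} source of the login page template */
function loadLogin() {
  return loadTemplate('login.html');
}

/** @returns {string} source of the post-login page template */
function loadLoginSuccess() {
  return loadTemplate('login_success.html');
}

/**
 * Compare the submitted nonce with the server's nonce in constant time.
 * Non-string values (for example an array produced by a repeated form field)
 * are rejected outright.
 * @param {*} candidate - value of request.body.csrf_nonce
 * @returns {boolean} true when the nonce matches
 */
function nonceMatches(candidate) {
  if (typeof candidate !== 'string') {
    return false;
  }
  const supplied = Buffer.from(candidate);
  const expected = Buffer.from(csrf_guid);
  // timingSafeEqual throws on unequal lengths, so check the length first.
  return supplied.length === expected.length &&
    crypto.timingSafeEqual(supplied, expected);
}

/**
 * Send the generic failure page with a non-success status code.
 * The body is deliberately vague so upstream error details are not exposed.
 * @param {object} response - Express response
 * @param {number} status - HTTP status code to report
 */
function sendFailure(response, status) {
  response.writeHead(status, {'Content-Type': 'text/html'});
  response.end("Something went wrong. :( ");
}

/**
 * Decide whether a call made with Request.get({json: true}) succeeded.
 * @param {Error|null} err - transport error, if any
 * @param {object} resp - HTTP response object
 * @param {*} payload - parsed JSON body
 * @returns {boolean} true when the call returned 200 with a JSON object and no error member
 */
function upstreamOk(err, resp, payload) {
  return !err && !!resp && resp.statusCode === 200 &&
    !!payload && typeof payload === 'object' && !payload.error;
}

app.get('/', function(request, response){
  const view = {
    appId: app_id,
    csrf: csrf_guid,
    version: api_version,
  };

  response.send(Mustache.to_html(loadLogin(), view));
});

app.post('/sendcode', function(request, response){
  const form = request.body || {};

  // CSRF check
  if (!nonceMatches(form.csrf_nonce)) {
    return sendFailure(response, 403);
  }
  // The authorization code must be a single non-empty string.
  if (typeof form.code !== 'string' || form.code.length === 0) {
    return sendFailure(response, 400);
  }

  const app_access_token = ['AA', app_id, app_secret].join('|');
  const params = {
    grant_type: 'authorization_code',
    code: form.code,
    access_token: app_access_token
    // If "Require App Secret" is enabled for the app, calls made with the user
    // token also need an appsecret_proof parameter: an HMAC-SHA256 of the
    // access token keyed with the app secret, never the secret itself.
  };

  // exchange tokens
  const token_exchange_url = token_exchange_base_url + '?' + Querystring.stringify(params);
  Request.get({url: token_exchange_url, json: true}, function(err, resp, tokenBody) {
    if (!upstreamOk(err, resp, tokenBody) || typeof tokenBody.access_token !== 'string') {
      // Log only the outcome: the response body carries the access token.
      console.error('Account Kit token exchange failed:',
        err ? err.message : (resp && resp.statusCode));
      return sendFailure(response, 502);
    }

    // NOTE(review): user_access_token reaches the browser only if the template
    // references it; avoid rendering tokens into pages outside a demo.
    const view = {
      user_access_token: tokenBody.access_token,
      expires_at: tokenBody.expires_at,
      user_id: tokenBody.id,
    };

    // get account details at /me endpoint; stringify() URL-encodes the token
    const me_endpoint_url = me_endpoint_base_url + '?' +
      Querystring.stringify({ access_token: tokenBody.access_token });
    Request.get({url: me_endpoint_url, json: true}, function(meErr, meResp, account) {
      if (!upstreamOk(meErr, meResp, account)) {
        console.error('Account Kit /me lookup failed:',
          meErr ? meErr.message : (meResp && meResp.statusCode));
        return sendFailure(response, 502);
      }

      if (account.phone) {
        view.method = "SMS";
        view.identity = account.phone.number;
      } else if (account.email) {
        view.method = "Email";
        view.identity = account.email.address;
      }

      // send login_success.html ({{...}} tags are HTML-escaped by Mustache)
      response.send(Mustache.to_html(loadLoginSuccess(), view));
    });
  });
});

app.listen(3000);
-------------------------------------------------------------------------------- /auth0-passwordless/dist/callback.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | Password Free: Facebook Account Kit 5 | 6 | 7 | 16 | 17 | 18 | 19 | 20 | 21 | 22 |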
23 |
24 |
25 |
26 |

Passwordless Authentication

27 |

You're In!

28 |

Details:

29 |
    30 |
  • 31 | 32 | fingerprint 33 | 34 | 35 |
  • 36 |
  • 37 | 38 | face 39 | 40 | 41 |
  • 42 |
  • 43 | 44 | person 45 | 46 | 47 |
  • 48 |
  • 49 | 50 | 51 | 52 |
  • 53 |
54 |
55 |
56 |
57 |
58 | 59 | 86 | 87 | 88 | -------------------------------------------------------------------------------- /auth0-passwordless/dist/login.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | Password Free: Facebook Account Kit 5 | 6 | 7 | 16 | 17 | 18 | 19 | 20 | 21 | 22 |
23 |
24 |
25 |
26 |

Passwordless Authentication

27 |

Auth0

28 |

Login via:

29 |
    30 |
  • 31 | 32 | 33 | 34 |
  • 35 |
  • 36 | 37 | 38 | 39 |
  • 40 |
  • 41 | 42 | 43 | 44 |
  • 45 |
  • 46 | 47 | 48 | 49 |
  • 50 |
51 |
52 |
53 |
54 |
55 | 56 | 117 | 118 | 119 | -------------------------------------------------------------------------------- /auth0-passwordless/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "FacebookAccountKitPasswordless", 3 | "version": "1.0.0", 4 | "dependencies": { 5 | "express": "3.x", 6 | "mustache": "^2.2.1" 7 | } 8 | } 9 | -------------------------------------------------------------------------------- /auth0-passwordless/server.js: --------------------------------------------------------------------------------
// Sample Express server for the Auth0 passwordless demo.
// It only serves two Mustache templates from dist/ and does no token handling
// of its own, so nothing rendered by the callback page is verified server-side
// (presumably the login result is processed by script in callback.html; that
// script is not visible here).
// NOTE(review): package.json pins express 3.x, a release line that no longer
// receives security fixes; upgrade before reusing this outside a demo.
const fs = require('fs');
const express = require('express');
const Mustache = require('mustache');

const app = express();

/**
 * Read a template from dist/ (relative to the working directory).
 * The file is re-read on every call, so edits show up without a restart.
 * @param {string} fileName - template file name inside dist/
 * @returns {string} template source
 */
function readTemplate(fileName) {
  const raw = fs.readFileSync('dist/' + fileName);
  return raw.toString();
}

/** @returns {string} source of the login page template */
function loadLogin() {
  return readTemplate('login.html');
}

/** @returns {string} source of the callback page template */
function loadCallback() {
  return readTemplate('callback.html');
}

/**
 * Build a route handler that renders the template returned by `loader`
 * with an empty Mustache view.
 * @param {function(): string} loader - returns the template source
 * @returns {function} Express request handler
 */
function renderWith(loader) {
  return function(request, response) {
    const view = {};
    response.send(Mustache.to_html(loader(), view));
  };
}

app.get('/', renderWith(loadLogin));
app.get('/callback', renderWith(loadCallback));

app.listen(3000);
--------------------------------------------------------------------------------